* Mark Martinec <[email protected]>: > Patrick, > > > I've need to parse amavis log lines and noticed that amavis breaks long log > > lines into several chunks. This causes problems because some log lines miss > > information I'd need e.g. the following line contains the virus detected > > but not the mail_id I need to associated it with a certain message: > > > > amavis[11910]: (11910-15) p001 1/1 Content-Type: application/octet-stream, > > size: 218 B, name: eicar.bin.zip > > > > What could I do to get what I want? > > > > - Write my own log_templ? > > - Increase $logline_maxlen beyond that syslog usually accepts. I use > > rsyslog and speculate rsyslog might accept longer strings. Will verify... > > - ??? > > As far as amavisd is concerned, you may increase $logline_maxlen arbirtarily. > What happens with long log lines then depends on your syslog. The default > maxlen just fits a standard syslog syscall with its syslogd daemon that > comes with FreeBSD systems (and likely others). Check your logging daemon > to see what are its limits.
Thanks Mark. In our case rsyslog provides a setting ($MaxMessageSize) that corresponds to amavis' $logline_maxlen. We bumped both parameters up to a size that gives us what we need. > When one has additional macros in a log template (like the list of SA tests > that triggered, the From and Subject), the size of log lines often exceeds > 2000 characters or more. When amavisd breaks a long line into several > log entries, these are always wrapped at three characters (size of "...") > less then maxlen, the three dots appended at the end of a previous line > and at a start of the next line. A log file analyzer can splice these back > together reliably. Performancewise it seems to be better to have amavis send one line instead of the log file analyzer splice the lines back. But that's "seems". I am not the one working on this part of the project. Thanks! p...@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> ------------------------------------------------------------------------------ Centralized Desktop Delivery: Dell and VMware Reference Architecture Simplifying enterprise desktop deployment and management using Dell EqualLogic storage and VMware View: A highly scalable, end-to-end client virtualization framework. Read more! http://p.sf.net/sfu/dell-eql-dev2dev _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
